Results 1 to 7 of 7
  1. #1
    New Lounger
    Join Date
    Apr 2016
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Wifi profiles on domain

    Good morning all. I have an issue where we have a domain environment and when we setup a new laptop and join the domain wifi profiles automatically install. Which is fine, but we have since changed a few of the passwords on those connections so we need to change them. So this leads to my question, I have no idea where those profiles are installing from. I have changed the ISO we use for installation thinking maybe they are pulling from there somehow. I have checked for any group policies and have found none. I can delete the profiles in the registry and reboot, they will stay gone until I connect to the domain and then they magically appear with the wrong passwords. I can change the password but the next time the user reboots it changes back. I have searched high and low and cannot find where these profiles are coming from. I anyone can offer any advice or suggestions please do so.

    Thank you in advance.

  2. #2
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,405
    Thanks
    447
    Thanked 404 Times in 376 Posts
    The user has a local wifi profile on his laptop. Whenever he connects, the local profile is used. That's where the password is being stored.

    You could probably set up a policy which would delete the user's local wifi profile for your network if it finds one, whenever he disconnects from your network, or perhaps whenever he logs onto Windows, forcing him to start fresh each time he wants to connect. That would eliminate the invalid password problem, but it would force him to reconnect to your network and then input his password anytime he wanted to connect to your network.

    We had this issue continually at my last job. Due to HIPAA regulations, we wanted to have tight security on our network; so we forced the users to change their passwords every 35 days or less. This resulted in LOTS of lockups continually, both from the wifi profiles and from the email profiles, because the local wifi and email profiles stored the last password used, but wouldn't automatically get the new password when the user changed his password; they would still try to use the previous password. When the user called with a locked account, we would advise him to delete the connection for our network, and then reconnect to the network.
    Last edited by mrjimphelps; 2016-04-20 at 10:01.

  3. #3
    New Lounger
    Join Date
    Apr 2016
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you for the quick reply. I understand where you are coming from, but we do not want the end user to know these wifi passwords, thus we would like to be able to have them load for them when they connect to the domain.

    for the life of me I cannot figure out where those passwords are stored that will load it in the profile of each user. I can manually delete each wifi profile and reboot. As long as I do not connect to the domain they will not recreate. As soon as I connect to the domain they reappear with all the wrong wifi passwords. I would love to find where these are stored so I can change them and the end user will not have to call and have me enter the password each time they reboot.

  4. #4
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,405
    Thanks
    447
    Thanked 404 Times in 376 Posts
    Perhaps I misunderstand your question. In our situation, when the user wanted to connect his laptop to the network via wifi, he would choose our wireless network from the available wireless networks, enter his password, and he was then connected to the network. In this process, the user connected, not the network administrator.

    If he had the wrong password stored in his local wifi profile, the process of trying to connect with the wrong password would lock his network account. So, for example, if he had set his iPhone to connect to the network via wifi, as soon as he arrived to work, his account would lock, because it would automatically try to connect. Our solution was (1) the user deleted the connection on his iPhone, and then (2) we unlocked his network account. He was then good for a month, until he changed his network password again but failed to first delete his wifi connection profile.

  5. #5
    New Lounger
    Join Date
    Apr 2016
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Understood. Our situation is a little different in we have a password setup for each SSID and when it comes to the internal lan connection we do not want the employees to know this password. Our network admin that set this all up is no longer with the company and did not leave any notes on how it works so I am trying to back track and figure it out. It is frustrating in that we enter the new password for them and the next morning they come in and boot up their laptop we have to enter the password again because it reverts back to the old one.

  6. #6
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,405
    Thanks
    447
    Thanked 404 Times in 376 Posts
    If you want to limit which devices are allowed to connect via wifi, you could allow only certain MAC addresses. In other words, if a user wants to connect, he would have to bring his device to the IT dept so that you could include his MAC address in the white list.

    I'm not sure how to limit it only to wifi connections, so you may have to include the MAC addresses of all computers in the company.

    Here is some discussion about how you can make a list of the MAC addresses which log onto your network. After a certain amount of time (say, a month) of gathering this info, all of the listed MAC addresses could be whitelisted. From that point forward, users would need to register their devices in order to be able to connect via wifi.

    This may be a more preferable way than a secret password of controlling who is allowed to log on via wifi.

  7. #7
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 985 Times in 915 Posts
    The password will be set by Group Policy. Find out what group the laptops are in and then check what policy is linked to that group.
    https://technet.microsoft.com/en-us/.../cc753298.aspx

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •